Sarah Boyce
ae0ca8345d
[4.2.x] Post-release version bump.
2024-08-06 15:32:16 +02:00
Sarah Boyce
4d32ebcd57
[4.2.x] Bumped version for 4.2.15 release.
2024-08-06 14:56:30 +02:00
Simon Charette
f4af67b9b4
[4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
...
Thanks Eyal (eyalgabay) for the report.
2024-07-31 16:12:35 +02:00
Mariusz Felisiak
efea1ef7e2
[4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.
...
Thanks Seokchan Yoon for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-31 16:12:23 +02:00
Sarah Boyce
d0a82e26a7
[4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
...
Thanks to MProgrammer for the report.
2024-07-31 16:12:11 +02:00
Sarah Boyce
fc76660f58
[4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.
...
Thanks Elias Myllymäki for the report.
Co-authored-by: Shai Berger <shai@platonix.com>
2024-07-31 16:11:59 +02:00
Sarah Boyce
7b1a76f899
[4.2.x] Added stub release notes and release date for 4.2.15.
...
Backport of 3f88089069 from main.
2024-07-31 11:29:30 +02:00
Lorenzo Peña
96a3497400
[4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().
...
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.
Regression in 9e9792228a.
Backport of 0e94f292cd from main.
2024-07-25 09:44:51 +02:00
Mariusz Felisiak
c5d196a652
[4.2.x] Fixed auth_tests and file_storage tests on Python 3.8.
2024-07-11 11:10:15 +02:00
Natalia
8e59e33400
[4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614 to security archive.
...
Backport of e095c7612d from main.
2024-07-09 12:00:22 -03:00
Natalia
72f6c7d3a6
[4.2.x] Post-release version bump.
2024-07-09 11:08:49 -03:00
Natalia
98cf264c9c
[4.2.x] Bumped version for 4.2.14 release.
2024-07-09 10:53:02 -03:00
Sarah Boyce
17358fb35f
[4.2.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant().
...
Language codes are now parsed with a maximum length limit of 500 chars.
Thanks to MProgrammer for the report.
2024-07-09 10:40:50 -03:00
Natalia
2b00edc015
[4.2.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
...
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
2024-07-09 10:40:48 -03:00
Michael Manfre
156d3186c9
[4.2.x] Fixed CVE-2024-39329 -- Standardized timing of verify_password() when checking unusable passwords.
...
Refs #20760.
Thanks Michael Manfre for the fix and to Adam Johnson for the review.
2024-07-09 10:40:46 -03:00
Adam Johnson
79f3687642
[4.2.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
...
Thank you to Elias Myllymäki for the report.
Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-09 10:40:37 -03:00
Natalia
446cdab134
[4.2.x] Added stub release notes for 4.2.14.
2024-07-03 14:18:28 -03:00
Natalia
d26c8838d0
[4.2.x] Post-release version bump.
2024-05-07 14:44:42 -03:00
Sarah Boyce
3bf46e2e02
[4.2.x] Bumped version for 4.2.13 release.
2024-05-07 17:37:03 +02:00
Sarah Boyce
b46b94e66c
[4.2.x] Added release notes for 4.2.13.
...
Backport of 90175e110e from main.
2024-05-07 17:35:16 +02:00
Natalia
1536833e93
[4.2.x] Post-release version bump.
2024-05-06 14:36:28 -03:00
Sarah Boyce
6193c720b5
[4.2.x] Bumped version for 4.2.12 release.
2024-05-06 17:24:48 +02:00
Sarah Boyce
3f9c8fc1f9
[4.2.x] Added release date for 4.2.12.
...
Backport of 34a503162f from main.
2024-05-06 14:44:17 +02:00
Sarah Boyce
256f719cb3
[4.2.x] Reverted "Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin."
...
This reverts commit 0fc832676c.
2024-04-19 13:29:30 +02:00
Adam Johnson
0fc832676c
[4.2.x] Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin.
...
Backport of bdd76c4c38 from main.
2024-04-19 11:28:02 +02:00
Natalia
1d85b416aa
[4.2.x] Refs #35361 -- Clarified release notes for 4.2.12.
...
Backport of cd823778e6 from main.
2024-04-12 15:07:36 +02:00
Natalia
27c32cc991
[4.2.x] Fixed #35361 -- Added release notes for 4.2.12 for backport of b231bcd19e.
...
Backport of 42435fc55c from main.
2024-04-10 18:29:33 +02:00
Mariusz Felisiak
0d3ddcaf2c
[4.2.x] Refs #34900, Refs #35361 -- Fixed SafeMIMEText.set_payload() crash on Python 3.13.
...
Payloads with surrogates are passed to the set_payload() since f97f25ef5d.
Backport of b231bcd19e from main.
2024-04-10 18:18:52 +02:00
Mariusz Felisiak
a76c52b19a
[4.2.x] Added CVE-2024-27351 to security archive.
...
Backport of da39ae4b5f from main
2024-03-04 10:12:58 +01:00
Mariusz Felisiak
721c566859
[4.2.x] Post-release version bump.
2024-03-04 08:47:11 +01:00
Mariusz Felisiak
61a986f53d
[4.2.x] Bumped version for 4.2.11 release.
2024-03-04 08:43:32 +01:00
Shai Berger
3c9a2771cc
[4.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words().
...
Thanks Seokchan Yoon for the report.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2024-03-04 08:36:56 +01:00
Mariusz Felisiak
7973951139
[4.2.x] Added release date for 4.2.11 and 3.2.25.
...
Backport of 977d254169 from main
2024-02-26 08:29:04 +01:00
Daniel Garcia Moreno
86d8034972
[4.2.x] Refs #34900, Refs #34118 -- Updated assertion in test_skip_class_unless_db_feature() test on Python 3.12.2+.
...
Python 3.12.2 brings back the skipped tests in the number of running
tests. Refs 0a737639dc
Backport of bc8471f0aa from main
2024-02-10 17:08:48 +01:00
Mariusz Felisiak
cb173bb088
[4.2.x] Fixed #35172 -- Fixed intcomma for string floats.
...
Thanks Warwick Brown for the report.
Regression in 55519d6cf8.
Backport of 2f14c2cedc from main.
2024-02-08 11:00:36 +01:00
Natalia
227ef29cff
[4.2.x] Added CVE-2024-24680 to security archive.
...
Backport of c650c1412d from main
2024-02-06 12:16:50 -03:00
Natalia
e2f1907642
[4.2.x] Post release version bump.
2024-02-06 10:04:22 -03:00
Natalia
a684d73fc9
[4.2.x] Bumped version for 4.2.10 release.
2024-02-06 09:57:24 -03:00
Adam Johnson
572ea07e84
[4.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.
...
Thanks Seokchan Yoon for the report.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Shai Berger <shai@platonix.com>
2024-02-06 09:56:20 -03:00
nessita
9fe7411235
[4.2.x] Pinned black == 23.12.1 for blacken-docs checks.
2024-01-30 05:47:27 +01:00
nessita
71dd587da9
[4.2.x] Pinned black == 23.12.1 in GitHub actions, pre-commit and test requirements.
2024-01-29 12:53:06 -03:00
Natalia
74582b8d11
[4.2.x] Added stub release notes for 4.2.10 and 3.2.24.
...
Backport of 06d0a1bd56 from main
2024-01-29 12:09:52 -03:00
Mariusz Felisiak
4198a5cb2d
[4.2.x] Post-release version bump.
2024-01-02 10:11:39 +01:00
Mariusz Felisiak
f339c4c8e4
[4.2.x] Bumped version for 4.2.9 release.
2024-01-02 10:10:11 +01:00
Mariusz Felisiak
0a4c5e56b4
[4.2.x] Added release date for 4.2.9.
...
Backport of f82a2c3b3d from main.
2024-01-02 09:59:12 +01:00
Tom Carrick
ca43990813
[4.2.x] Fixed #35012 -- Restored wrapping admin fieldsets with multiple fields per line.
...
Thanks James Gillard for the report.
Regression in 729266c6f2.
Backport of 4aae864463 from main
2023-12-13 12:34:53 +01:00
Mariusz Felisiak
d9ba0ea6cb
[4.2.x] Added stub release notes for 4.2.9.
...
Backport of 464af0975c from main
2023-12-05 06:12:20 +01:00
Mariusz Felisiak
a315e82f31
[4.2.x] Post-release version bump.
2023-12-04 09:29:47 +01:00
Mariusz Felisiak
dff965798e
[4.2.x] Bumped version for 4.2.8 release.
2023-12-04 09:26:51 +01:00
Mariusz Felisiak
52e28e5fbf
[4.2.x] Added release date for 4.2.8.
...
Backport of 8fcb9f1f10 from main
2023-12-04 09:25:56 +01:00